German Court Says You Must Secure Your WiFi Or You May Get Fined

from the open-wifi-is-illegal? dept

Miranda Neubauer was the first of a few of you to send in the news of a bizarre German court ruling that makes it effectively illegal to offer open WiFi. Seriously:

Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.

Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.

"Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation," the court said.

This is backwards in so many ways. First, open WiFi is quite useful, and requiring a password can be a huge pain, limiting all sorts of individuals and organizations who have perfectly good reasons for offering free and open WiFi. Second, fining the WiFi hotspot owner for actions of users of the service is highly troubling from a third party liability standpoint. The operator of the WiFi hotspot should not be responsible for the actions of users, and it's troubling that the German court would find otherwise. This is an unfortunate ruling no matter how you look at it.

Filed Under: copyright, germany, passwords, security, third party liability, wifi, wireless

SitePoint: Rather Than Freaking Out Over Piracy, We Decided To Adapt

from the good-for-them dept

AnonJr alerts us to the news that publisher/media firm SitePoint, has decided to do away with the passwords on the PDF versions of its books, noting that it seemed to only serve to piss off customers:

In the 18 months I have worked at SitePoint, barely a week has gone by where I have not received at least a couple of emails from customers questioning the logic behind our password protection policy. My response, based on the SitePoint philosophy, was always that we were taking an ethical (if largely symbolic) stance on the piracy issue. But how long could we maintain that line while simultaneously placing primacy on the customer experience, as all the while more and more requests to remove password protection poured in.

As a web development resource and learning centre, we know that we must embrace the state of flux -- not as a lofty ideal, but as a normative imperative. You can't claim to be all about the cutting edge when you're stubbornly clinging to old, outmoded processes -- especially when your own beloved customers are urging you to move on. And if we're not keeping pace with the constantly evolving face of web design and development, then we're neither a resource nor a learning centre -- we're a museum.

Kudos to another company recognizing that pissing off your best customers is hardly a way to run a business.

Filed Under: adapting, customers, ebooks, markets, passwords, pdf
Companies: sitepoint

Student Files Lawsuit After Teacher Demands Facebook Password, Logs Into Account & Distributes Private Messages

from the wow dept

Remember the story recently about how Bozeman, Montana was asking all applicants for city jobs to hand over their social networking passwords so city officials could log into their accounts? After some widespread complaints, the city smartly backed down, but apparently they're not the only ones demanding passwords. CitMediaLaw points us to a lawsuit filed in Mississippi, concerning a high school student who turned over her Facebook password at the demand of a teacher at the school. The teacher proceeded to log into her account, read her private messages and then send them around to others at the school, causing a lot of problems for the girl.

Apparently, the teacher had originally demanded usernames and passwords to Facebook from a bunch of students to see if they were doing anything illegal (drugs, drinking, etc.), which is already pretty questionable from a privacy standpoint (and violates Facebooks' terms of service). But to then use the contents of private communication to publicly humiliate the girl and punish her for her private messages seems to go way beyond what is both right and legal. Other students at the school had quickly deleted their Facebook profiles when the teacher demanded their passwords, but this girl chose not to, but certainly never expected what followed. It's amazing that any teacher would think that they have a right to demand access to private social networking accounts and then to make use of the content of private messages in that manner.

Filed Under: passwords, social networks, students, teachers
Companies: facebook

Encrypting Data Doesn't Do Much Good If You Tape The Password To The Storage Device...

from the just-saying... dept

In the early days of large scale data leaks online, the mantra one heard over and over again was "encryption, encryption, encryption!" Yet, encryption alone doesn't do much good, if you tape the passwords to decrypt the data to the storage device itself (found via Michael Scott). Yet, whaddaya know? That's exactly what happened in a recent data breach in the UK, though I'm sure similar breaches happen all over the world. This is what happens when someone preaches a specific action in security, rather than actual secure thinking and planning.

Filed Under: encryption, leaks, passwords

Sex Offenders In Georgia Required To Hand Over Passwords... To Protect The Children

from the fighting-the-wrong-problem-again dept

It's really amazing what sort of laws are being passed in the name of "protecting the children." The latest is a law in Georgia that requires all sex offenders not only to hand over all of their online usernames and email addresses (which some other states require), but also the passwords to all of their accounts. The idea is that authorities can now log into their accounts and see what they're doing -- which seems like a massive privacy violation. I have absolutely no problem whatsoever with punishing convicted sex offenders, but these sorts of laws go beyond punishment -- especially when the majority of sex offenders these days aren't the "internet predators" that everyone's so worried about, but people who already know the victim in some way. Also, this would mean that any time a convicted sex offender signed up for a new account somewhere, they'd have to hand over the info -- and even one slip-up can put them back in jail. It's hard to see how this law could possibly be constitutional, and I'm guessing that eventually we'll see a lawsuit to address just that issue, wasting plenty of taxpayer money. I'm not sure how that actually protects any children.

Filed Under: georgia, passwords, privacy, sexual offenders

SF Reveals Usernames And Password To City Network In Accidental Effort To Prove Terry Childs' Case For Him

from the that-would-be-an-oops dept

In the ongoing lawsuit against the disgruntled city of San Francisco tech worker, Terry Childs, who held the city's network somewhat hostage for a few days (before finally coughing up the admin password to Mayor Newsom), the San Francisco DA has now entered into evidence approximately 150 usernames and passwords of individuals who log into the city's network via a VPN from home. City officials don't seem too concerned that they're revealing the usernames and passwords, even though that would appear to be a huge security violation.

From the description, it sounds like the system uses two-factor authentication, so beyond username and password, users also have to enter in a second code (perhaps provided by an RSA key or something like that). However, that still doesn't mean that revealing the usernames and passwords was smart. It's still a tremendous security violation. It's hard to see why they couldn't have submitted that as evidence that needed to be kept secret, given the nature of it. Also, it would seem that revealing all this info actually does much more to help Childs' case: he claims he was keeping the admin password secret because city officials weren't very good with security, and would have compromised the system. And, indeed, it appears that's what they've now done.

Filed Under: passwords, san francisco, terry childs

Chocolate No Longer As Effective In Separating Men From Their Passwords?

from the fun-with-statistics,-headlines-and-chocolate dept

There are a bunch of headlines today about the fact that people will give up their passwords in exchange for some chocolate, but most of the reports seem to be missing the point. Similar studies have been conducted for years. Four years ago, we saw an almost identical study. Other studies have shown that people will give up their passwords for a ballpoint pen or chance to win theater tickets. None of this really proves very much. The "chocolate" hook is really just for generating headlines. After all, a similar study showed that people would give up private data if you just ask nicely. Chocolate may have nothing to do with it.

In reality, though, the interesting part of this chocolate story is the fact that the number of people who give up their password for chocolate is way down this year compared to the same study last year. Last year 64% gave up their password, whereas this year only 21% did. That's a huge difference, and should make you question the methodology. It certainly sounds like the results could depend very much on how persuasive the questioner is. Hire someone who's a good social engineer, and the numbers go up. For the same reason, I wouldn't give very much credence to the other headline coming out of this study that women are more likely than men to hand over their passwords. Again, without testing it under identical circumstances, it's tough to determine that for sure. A good social engineer will be able to get passwords out of plenty of people, whether using chocolate, a ballpoint pen or just plain sweet talk.

Filed Under: chocolate, passwords, security, social engineering

Microsoft Must Pay $140 Million For Using Multiple Passwords To Activate Its Software

from the patent-insanity dept

Another day, another problematic patent ruling. Microsoft now needs to pay $140 million for violating a patent on using two or more passwords to protect against unauthorized use of a piece of software. Yes, someone actually got a patent on that idea. The company in question, Z4 Technologies, claims to be in the business of making DRM products, but the company's website only talks up its patents -- not any particular solutions. It doesn't appear to have anything for sale (or, if it does, it needs to hire a better marketing team). The website focuses on various ridiculous and easily-proven-false quotes about the so-called "losses" due to "piracy." Microsoft and Autodesk were the targets of the suit, which of course was filed in Marshall, Texas despite no one being anywhere near Texas. The judge in the original case sided with the patent holder and added a bonus of willful infringement against Microsoft. The latest ruling is from the appeal at CAFC, who appears to have kept the willful infringement finding, despite the standard for willful infringement changing. Perhaps Microsoft and Autodesk will start to realize that this is another ridiculous "cost" associated with pointless attempts at using DRM, and realize that its both cheaper and more efficient not to bother. Anyone want to calculate how much in "losses" such a DRM solution probably stopped vs. how much Microsoft now needs to pay?

Filed Under: passwords, patents, software patents